Re: Need Help: 'Simultaneous-Use' don't work !!! =/ version 1.1.7 !

2008-12-12 Thread Alan DeKok
Diogo Teixeira wrote: But two different clients (PCs) with the same pair user/password can do success login. =/ What I have done wrong ? read doc/Simultaneous-Use. The requirements for it to work are explained there. You are likely *not* getting accounting packets. Alan DeKok. -

Re: SUN_LEN Error

2008-12-12 Thread Alan DeKok
Anton Borisov wrote: Good day! You don't need to post the same message multiple times. I try to use new version 2.1.3 in Solaris10. (uname -a SunOS x 5.10 Generic_125100-06 sun4u sparc SUNW,Netra-240) ... Undefined first referenced symbol

Re: domain security problem

2008-12-12 Thread Hegedus Gabor
t...@kalik.net wrote: It is bad news, you say check mac address too no way reject it simple without mac... How much simpler can you get? You say that it is a problem that a user with AD account gets access from an unauthorized machine. The only answer is to check machine credentials. mac

Forging a RADIUS request within a module

2008-12-12 Thread Geoffroy Arnoud
Hi all, During authentication process, I need to send an Accounting-Start to a network equipment when the authentication is successful (when processing the Access-Request), before sending the Access-Accept back. Is it possible to create the Accounting-Request from inside a module and post it

Re: SUN_LEN Error

2008-12-12 Thread Anton Borisov
Good day! Thank you! It is working! Could I ask about key for Solaris OS in future? Something like --without-SUN_LEN... Sorry about duplicate, I thought my first message was rejected by mail-filter. Alan DeKok wrote: Anton Borisov wrote: Good day! You don't need to post the same

Re: Forging a RADIUS request within a module

2008-12-12 Thread tnt
During authentication process, I need to send an Accounting-Start to a network equipment Just out of interest - what is network equipment going to do with the accounting request? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: domain security problem

2008-12-12 Thread Hegedus Gabor
t...@kalik.net wrote: I just thought there is a setting which is useful to differentiate the HOST/username and DOMAIN/username OK. Let's try. What is SOMETHING in SOMETHING\username - HOST or DOMAIN? If you can't tell ... Ivan Kalik Kalik Informatika ISP okay I understand, I just

Re: Forging a RADIUS request within a module

2008-12-12 Thread Geoffroy ARNOUD
During authentication process, I need to send an Accounting-Start to a network equipment Just out of interest - what is network equipment going to do with the accounting request? It's a network filtering appliance. The Accounting-Request ships attributes that say which filtering policy must

Re: Configuration sample CDMA-EVDO

2008-12-12 Thread Alexander Serkin
Hi, Aldo. There's nothing special for freeradius providing AAA services for cdma ev-do. We're running CDMA (1xRTT, 1xEV-DO rev0/revA) network with ~25k peak online users on two servers running FR. Drop me a message if you're interested in details. -- Alexander Aldo wrote: Hello, could please

Re: domain security problem

2008-12-12 Thread tnt
I just thought there is a setting which is useful to differentiate the HOST/username and DOMAIN/username OK. Let's try. What is SOMETHING in SOMETHING\username - HOST or DOMAIN? If you can't tell ... Ivan Kalik Kalik Informatika ISP

freeradius and IP pools

2008-12-12 Thread Arrigo Savio
Hi. I need to use freeradius in multiple ways. I mean: based on realm, I need to assign or not an IP address. For example: u...@with_ip has to receive an IP from configured RADIPPOOL table u...@without_ip has only to be authenticated (a user who log to a portal, for example). How

Re: Forging a RADIUS request within a module

2008-12-12 Thread Stephen Bowman
On Fri, Dec 12, 2008 at 7:45 AM, Geoffroy ARNOUD geo.arn...@gmail.com wrote: During authentication process, I need to send an Accounting-Start to a network equipment Just out of interest - what is network equipment going to do with the accounting request? It's a network filtering

Re: Forging a RADIUS request within a module

2008-12-12 Thread Alan DeKok
Geoffroy Arnoud wrote: Is it possible to create the Accounting-Request from inside a module and post it as an event, to let FreeRADIUS core manage processing/sending? Yes. See src/main/session.c, session_zap() for a function that does this. But if you plan on sending a packet to another

Re: Need Help: 'Simultaneous-Use' don't work !!! =/ version 1.1.7 !

2008-12-12 Thread Diogo Teixeira
My table radacct is empty every time. In radiusd.conf I put option sql everywhere. accounting{ } session{ } authorize{ } authentication{ } post-auth{ } in uncomment the simul_count_query in sql.conf and simultaneous-use don't work, because radacct table empty, even after user success

Re: Need Help: 'Simultaneous-Use' don't work !!! =/ version 1.1.7 !

2008-12-12 Thread Alan DeKok
Diogo Teixeira wrote: My table radacct is empty every time. This is in the FAQ. and simultaneous-use don't work, because radacct table empty, even after user success logged ! =// As I already said: You are likely *not* getting accounting packets. If the NAS doesn't send accounting

Problem with Freeradius and WiMAX

2008-12-12 Thread Kristoffer Milligan
Good day list This is my first post to the list, so let me open by congratulating on a great piece of software. I'm impressed. I have the pleasure of working with WiMAX and a system called 4motion. We have chosen to use FreeRadius as our AAA server, but are experiencing some problems.

Re: Problem with Freeradius and WiMAX

2008-12-12 Thread Alan DeKok
Kristoffer Milligan wrote: This is my first post to the list, so let me open by congratulating on a great piece of software. I'm impressed. Thanks. I have the pleasure of working with WiMAX and a system called 4motion. We have chosen to use FreeRadius as our AAA server, but are

Re: Forging a RADIUS request within a module

2008-12-12 Thread tnt
During authentication process, I need to send an Accounting-Start to a network equipment Just out of interest - what is network equipment going to do with the accounting request? It's a network filtering appliance. The Accounting-Request ships attributes that say which filtering policy must

Re: domain security problem

2008-12-12 Thread tnt
I just thought there is a setting which is useful to differentiate the HOST/username and DOMAIN/username OK. Let's try. What is SOMETHING in SOMETHING\username - HOST or DOMAIN? If you can't tell ... Ivan Kalik Kalik Informatika ISP okay I understand, I just thought we have other

Re: Forging a RADIUS request within a module

2008-12-12 Thread Geoffroy ARNOUD
And you are absolutely sure that you are supposed to send it an Accounting-Request and not proxy Access-Request? Considering that filtering policies are a part of the access setup that would make much more sense. Yes I am. Actually, the appliance works like this, and is not the same box as

Re: Need Help: 'Simultaneous-Use' don't work !!! =/ version 1.1.7 !

2008-12-12 Thread Diogo Teixeira
What FAQ Alan ? 2008/12/12 Alan DeKok al...@deployingradius.com Diogo Teixeira wrote: My table radacct is empty every time. This is in the FAQ. and simultaneous-use don't work, because radacct table empty, even after user success logged ! =// As I already said: You are likely

ownership change

2008-12-12 Thread Norbert Wegener
Upgrading from 2.1.1 to 2.1.3 on a Suse10.2 system and restarting radiusd with the identical configuration showed the following message: We do not own /var/run/radiusd/radiusd.sock. ls -l /var/run/radiusd/radiusd.sock srw-rw 1 radiusd radiusd 0 12. Dez 16:18 /var/run/radiusd/radiusd.sock

Re: Need Help: 'Simultaneous-Use' don't work !!! =/ version 1.1.7 !

2008-12-12 Thread tnt
What FAQ Alan ? Option 1: Go to the freeradius site. Click on Wiki link. Type FAQ in the search box. Press Enter. Option 2: Type freeradius faq in Google. Click on the first link that comes up. Ivan Kalik Kalik Informatika ISP

Re: freeradius and IP pools

2008-12-12 Thread tnt
For example: u...@with_ip has to receive an IP from configured RADIPPOOL table u...@without_ip has only to be authenticated (a user who log to a portal, for example). How can I make it possible? Where can I setup this behaviour? Create those realms as local realms in proxy.conf. Put:

RE: Best way of adding custom authentication procedure to Freeradius that works in Windows/Linux platforms?

2008-12-12 Thread Joshua Lim
Joshua Lim wrote: A little info on the custom authentication procedure: 1. I need to provide a double-factor authentication to my users. 2. The first level will be a simple challenge and password (I reckon that this can be done using File or MySQL). Maybe. 3. Upon successful first

R: freeradius and IP pools

2008-12-12 Thread Arrigo Savio
OK. I have in proxy.conf: realm with_ip { authhost= LOCAL accthost= LOCAL realm without_ip { authhost= LOCAL accthost= LOCAL Next I have mysql tables containing usernames: mysql select * from radcheck;

Re: Need Help: 'Simultaneous-Use' don't work !!! =/ version 1.1.7 !

2008-12-12 Thread Diogo Teixeira
In my case I have SQL as a database to store accounting records. In this case, the script checkrad is also called ? My radacct table is always empty ! =/ My AP is a SMCWBR14T-G and I think the NAS is already well configured. I'm really not understand the problem. =/ I read FAQ

Re: Need Help: 'Simultaneous-Use' don't work !!! =/ version 1.1.7 !

2008-12-12 Thread Alan DeKok
Diogo Teixeira wrote: My radacct table is always empty ! =/ You've said this a lot. The reason WHY it's empty has been explained to you. If you don't understand the explanations, ask *new* questions. Posting the same complaint over and over again makes it look like you're ignoring our

Re: R: freeradius and IP pools

2008-12-12 Thread tnt
OK. I have in proxy.conf: realm with_ip { authhost= LOCAL accthost= LOCAL realm without_ip { authhost= LOCAL accthost= LOCAL Next I have mysql tables containing usernames: mysql select * from radcheck;

Re: Need Help: 'Simultaneous-Use' don't work !!! =/ version 1.1.7 !

2008-12-12 Thread tnt
My AP is a SMCWBR14T-G and I think the NAS is already well configured. How sure are you? I would be fairly certain that it isn't. I'm really not understand the problem. =/ That's because you think that there is something wrong with freeradius. I read FAQ (http://wiki.freeradius.org/FAQ) topic:

freeradius not responding on machine specific IPs

2008-12-12 Thread kevin
I was loathe to ask a newbie question, but it appears I have one. How does one configure freeradius to listen on all IPs specific to a machine? I have a remote Ubuntu 7.10 server (32bit) which I want to use for authentication via freeradius. It (freeradius 1.1.6-2) installed all nice and is

Re: freeradius not responding on machine specific IPs

2008-12-12 Thread Andy Billington
Check firewall ports - we had fun when FR was listening on the 18s but our firewall guy did his config using the traditional 16s. Also have you got your FR client configured so FR server knows to process requests from that source? Hth Andy On 12/12/2008, kevin r...@yia.ca wrote: I was loathe

rpmbuild errors 2.1.3-0

2008-12-12 Thread Andrew Long
I'm back again trying to build the latest into rpm for our CentOS 5.x servers. I have edited the spec file so Name: freeradius and repacked the tgz so it is freeradius-2.1.3.tar.gz but I get [al...@host SPECS]$ rpmbuild -ba --nobuild freeradius.spec Processing files: freeradius-2.1.3-0 error:

Re: ownership change

2008-12-12 Thread Alan DeKok
Norbert Wegener wrote: Upgrading from 2.1.1 to 2.1.3 on a Suse10.2 system and restarting radiusd with the identical configuration showed the following message: We do not own /var/run/radiusd/radiusd.sock. Ah... a side effect of fixing the run as unprivileged user, I think. Removing

Re: rpmbuild errors 2.1.3-0

2008-12-12 Thread Andrew Long
Please ignore... tried again a few minutes later and it works perfectly. - Andrew Long

Re: freeradius not responding on machine specific IPs

2008-12-12 Thread kevin
Just to be sure, iptables has been set to accept all. A netstat shows: udp0 0 *:radius*:* udp0 0 *:radius-acct *:* So radius appears to be listening to the ports on ALL

RE: Best way of adding custom authentication procedure to Freeradius that works in Windows/Linux platforms?

2008-12-12 Thread Joshua Lim
One silly question. If I'm using cygwin version of freeradius.net, and I wish to create a custom module, do I need to recompile Radiusd with cygwin (I would like to avoid that as far as possible)? Or can I just simply compile my newly created module with cygwin? I read this but still can't

RE: freeradius not responding on machine specific IPs

2008-12-12 Thread Jason Wittlin-Cohen
Kevin, The relevant line is: rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) The shared secret to authenticate a client to the RADIUS server (for RADIUS, not EAP traffic) is either not set, or you're using

Logging authentication attempts while TLS session resumption (caching) is enabled

2008-12-12 Thread Jason Wittlin-Cohen
When authenticating via PEAP or TTLS with an anonymous identity, the log shows both the anonymous identity and the real identity tunneled through the TLS tunnel. However, when TLS session resumption (caching) is enabled, only the anonymous identity is logged. This is presumably due to the fact

Re: FreeRADIUS and LDAP Groups

2008-12-12 Thread Tim Gustafson
Add: DEFAULT Auth-Type := Reject Awesome, that worked. So, if I wanted to enable multiple LDAP groups, would this be the correct syntax: DEFAULT LDAP-Group == foo, Auth-Type := Accept DEFAULT LDAP-Group == bar, Auth-Type := Accept DEFAULT LDAP-Group == baz, Auth-Type := Accept DEFAULT

RE: freeradius not responding on machine specific IPs

2008-12-12 Thread kevin
Thanks Jason, but I might have been unclear. Sorry about that. I'm using fake data to send to the radius server. I do not care if it passes or fails. I simply want the server to respond when I send a message to x.x.3.199 (the network address of the machine) just as it does when I send a

Sending Accounting Response

2008-12-12 Thread Padam J Singh
Hello, According to the RFC 2866, it is possible to send back attributes to an accounting update packet sent from a NAS. What I have done is this: The authorization and authentication queries are basically calls to a stored procedure in postgres that returns a set of table type which

Re: freeradius not responding on machine specific IPs

2008-12-12 Thread Alan DeKok
kevin wrote: I'm using fake data to send to the radius server. I do not care if it passes or fails. I simply want the server to respond when I send a message to x.x.3.199 (the network address of the machine) just as it does when I send a request to the localhost address on the machine.

Re: Sending Accounting Response

2008-12-12 Thread Alan DeKok
Padam J Singh wrote: According to the RFC 2866, it is possible to send back attributes to an accounting update packet sent from a NAS. *Please* use the correct terminology. It makes it easier for us to understand your question. If I read what I *think* you mean, then no, RFC 2866 does not